CLASSIFY vs MARK ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
I would like to know how what is the diference between MARK and CLASSIFY target ? ¿ Whichone give better performance with lot's of traffic / rules ? 
Seems that the LARTC doesn't works anymore ? ...
I understand that MARK + Connmark module is able set a connection state to "related" and put the mark automaticaly on each packet ... isn't it ? 
As I can test use CLASSIFY target is fare easy ...
My twice example works, traffic is matched/shaped properly (I'm using a bridge). 

Do CLASSIFY target use CONNTRACK  module ?
Does it exists a way to use CLASSIFY in the same way as MARK ... I mean CLASSIFY the first packet and set the connection state to "related" to automaticaly put 
other packets in the proper tc class ?
CLASSIFY is a feature of 2.6.x kernel and most of QoS scripts I've found are for 2.4.x
I need to filter lot of P2P with Ipp2p and l7filter this is why I'm searching to optimize my rules for better performance. Seems that with Ipp2p you must use MARK but for other kind of traffic like VoIP, Ftp or Web ? 

Any comments, tips or help is welcome :)

Regards


--- Connmark / MARK version ---
#!/bin/sh

TC=/sbin/tc
IPT=/sbin/iptables


${IPT} -t mangle -F
${IPT} -t mangle -X

${TC} qdisc del dev eth0 root

${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j postrouting_eth0
${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil 2048Kbit ${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil 2048Kbit prio 0 ${TC} filter add dev eth0 protocol ip pref 2 parent 1: handle 10 fw classid 1:10 

${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --restore-mark
${IPT} -A postrouting_eth0 -t mangle -m mark ! --mark 0 -j RETURN
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j MARK --set-mark 0xa 

${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --save-mark
${IPT} -A postrouting_eth0 -t mangle -j RETURN


--- CLASSIFY version ---
#!/bin/sh

TC=/sbin/tc
IPT=/sbin/iptables

${IPT} -t mangle -F
${IPT} -t mangle -X

${TC} qdisc del dev eth0 root

${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j postrouting_eth0
${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil 2048Kbit ${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil 2048Kbit prio 0
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j CLASSIFY --set-class 1:10 


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux